1. What type of certificate should we buy ? Means is there any specific certificate dedicate to such encryption or we just simply ask third party certificate authority about it ?
2. We are using two ESA devices for outbound emails and I believe we require one certificate for each device. Correct me if I am wrong.
3. As there are variety of certificate available at third party CA authority what are the type of certificate is required for ESA TLS encryption?
4.Is there any detailed document/video where I can find the ESA TLS Encryption and end user decryption in as well.
5.In case of emails drops or deliverable, how to trace and restore them?
1. you can buy a standard web server cert, nothing special. We use our wild card.
2. you want the cert to match the A record that points at the ESA and you want the ESA to use that name on the interface so that's what shows up in the HELO/EHLO response. Not everyone verifies certs, but you want it to match if they do... which is why we use a wildcard.
3. same question as number 1, same answer
4. Users never have to interact with TLS, there are probably Youtubes around, I don't have links. I know there are videos around for the encrypted envelope stuff, but I don't have links.
5. You can set outbound mail that requires encryption to notify the sender if it fails, so your users will have the mail, no recovery required... the ESA doesn't keep it... If you're dropping mail using some sort of content filter, you can add an action to archive or quarantine the mail before you drop it...
Hi experts,I would like any suggestions on this topology. We are is the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminate our IPsec tunnels and the GRE is terminated on the first inside router's loopback on the sec...
Hi All, A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?Would we recommend authenticating the cert on the ASA then passing the AD check to ISE ...
Hello Team, we are getting alert in FMC stating policy deployment failed, we are running on 6.2.0 version and not sure which version is stable version to re mediate this issue, in one event i have seen restart will resolve this issue but is it perman...
Threat Hunting 101
In the latest Cisco Cybersecurity report, we explore all there is to know about threat hunting and provide a how-to guide for creating a threat hunting team.
Here are some of th...
What Is Cisco Identity Services Engine?
Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and Virtual Private Networking (VPN) access.
Cisco ISE offers...